Slashdot Mirror

← Back to Stories (view on slashdot.org)

PHP Blogging Apps Open to XML-RPC Exploits

Posted by Zonk on Monday July 4, 2005 @10:15AM from the batten-down-the-hatches dept.

miller60 writes "A bunch of popular PHP-based blogging and content management apps are vulnerable to a security hole in the PHP libraries handling XML-RPC, which could allow a server compromise. Affected apps include Wordpress, Drupal, PostNuke, Serendipity, phpAdsNew, phpWiki and many more. The presence of the security hole in a large number of programs is among the factors leading the Internet Storm Center to warn that the environment is ripe for a major Internet security event."

3 of 166 comments (clear)

Min score:

Reason:

Sort:

unhealthy by isnochys · 2005-07-04 10:24 · Score: 1, Offtopic

blogging will lead to insane children
--
www.isnochys.com
Re:How to patch PHP/PEAR by xWastedMindx · 2005-07-04 10:28 · Score: 0, Offtopic

or...

apt-get update; apt-get dist-upgrade
Open-source, bah! by tonyblake2003 · 2005-07-04 10:59 · Score: 0, Offtopic

How *dare* an open-source product have bugs! This is exactly the reason that I threw my MSWin servers into the sea. Now you're expecting me to update my PHP libs? God almighty, you're all the same.